Closed stof closed 4 years ago
@stof although I agree with you I am not sure it is practical for you to address every OSS dependency in your lockfile.
Although I would like to deprecate rework
engine some people do rely on it to ease their upgrade path. Right now it is not a priority for me to externalise it but I agree that would be ideal.
I've started the process to deprecate rework
for v4 so that it can be removed in v5. See #134.
Given that rework is unmaintained (last release was 5 years ago), it brings a bunch of outdated libraries with it (a very old
convert-source-map
for instance), which increases the size of node_modules and the API surface for potential security issues.By default,
rework
is not used anymore for the engine. Maybe it should not be a dependency anymore.